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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
09/17/2008 has been entered. 

This Office Action is in response to the Applicant's Amendment filed 08/18/2008. 
Claims 1,8,9 and 1 6 are amended. 
Claims 1-16 are pending. 

Response to Arguments 

2. Applicant's arguments filed 08/1 8/2008 have been fully considered but they are 
not persuasive. 

Applicant argues that "no where do the two Faucher terminals "jointly perform a 
decryption operation of the ciphertext by each respectively performing one or more 
subcomputations of the joint decryption operation based at least in part on respective 
partial shares of a key that each party holds," as recited in the independent claims" 
(Page 8 of Remarks). 

Examiner respectfully disagrees. Faucher expressly discloses terminal A sends 
its certificate to terminal B and terminal B sends its certificate to terminal A. Terminal A 
decrypts and validates terminal B's certificates using the KCA public decryption key. 
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Similarly, terminal B decrypts and validates terminal A's certificate using the KCA 
public decryption key. Terminal A generates a secret random component R.sub.a, 
calculates the corresponding public component X.sup.R.sbsp.a mod P, encrypts it 
using the public encryption key PK.sub.b extracted from terminal B's certificate, and 
transmits PK.sub.b (X.sup.R.sbsp.a mod P) to terminal B. Terminal B generates a 
secret random component R.sub.b, calculates the corresponding public component 
X.sup.R.sbsp.b mod P, encrypts it using the public encryption key PK.sub.a extracted 
from terminal A's certificate and transmits PK.sub.a (X.sup.R.sbsp.b mod P) to terminal 
A. Terminal A receives and decrypts the message, obtains terminal B's public random 
component X.sup.R.sbsp.b mod P and exponentiates using its secret random 
component R.sub.a. The result modulus P is passed over the hash function to obtain 
the session key. Terminal B receives and decrypts the message from terminal A, 
obtains terminal A's public random component X.sup.R.sbsp.a mod P and 
exponentiates it using its secret random component R.sub.b. The result modulus 
P is passed over the hash function H to obtain the session key" (col. 8, lines 25-48). 
As explained above, Faucher discloses that terminal A and terminal B have to 
exchange their information such as secret random component R sub a and secret 
random component R sub b to generate the shared information session key to use this 
session key to decrypt the ciphertext (col. 2, lines 14-20) which can read on the claim 
limitation jointly perform a decryption operation of the ciphertext by each respectively 
performing one or more subcomputations of the joint decryption operation based at 
least in part on respective partial shares of a key that each party holds. 
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Applicant further argues, "Applicant maintains that the Examiner has failed to 
identify a cogent motivation for combining Cramer and Faucher in the manner 
proposed" (Page 9 of Remarks). 

Examiner respectfully disagrees with this contention. In response to applicant's 
argument that there is no suggestion to combine the references, the examiner 
recognizes that obviousness can only be established by combining or modifying the 
teachings of the prior art to produce the claimed invention where there is some 
teaching, suggestion, or motivation to do so found either in the references themselves 
or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 
837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 958 F.2d 347, 21 
USPQ2d 1941 (Fed. Cir. 1992), In this case, Cramer's reference and Faucher's 
reference are analogous arts. They both specifically disclose to how to secure 
communications by using the cryptographic system that can support the motivation to 
combine the Cramer's teaching with Faucher's teaching to establish the limitations of 
Claim 1 that provides secure communications conducted over insecure channels 
(Faucher, col. 1, lines 13-15). Furthermore, it would have been obvious to one of 
ordinary skill in the art at the time the invention was made to have incorporated 
Faucher's reference within Cramer to include wherein the assistance comprises an 
exchange of information between the first party device and the second party device 
separate from the sending of the ciphertext from the second party device to the first 
party device. One of ordinary skill in the art would have been motivated to do this 
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because it would secure communications conducted over insecure channels using 
pubic-keys method (Faucher, col. 1, lines 13-15). 

Applicant further argues Cramer does not teach or suggest "exchange of 
information between the first party device and the second party device whereby at least 
a portion of the information is encrypted using an encryption technique such that one 
party encrypts information using its own public key and another party cannot read the 
information but can use the information to perform an operation" (Page 10 of Remarks). 

Examiner respectfully disagrees. Faucher further discloses wherein the 
generating step further comprises an exchange of information between the first party 
device and the second party device whereby at least a portion of the information is 
encrypted using an encryption technique such that one party encrypts information using 
its own public key and another party can not read the information but can use the 
information to perform an operation" (Faucher, Figure 5, col. 8, lines 8-55). 

Applicant further argues, Cramer does not disclose or suggest "Cramer discloses 
generating a share of a random secret; generating information representing encryptions 
of a form of the random secret, a share of a private key, and the ciphertext; transmitting 
at least the encrypted information to the second party device; and computing the 
plaintext based at least on the share of the random secret, the share of the private key, 
the ciphertext, and the data received from the second party device" (Page 10 of 
Remarks). 
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Examiner respectfully disagrees. Cramer discloses generating a share of a 
random secret (Col. 7, lines 11-19); generating information representing encryptions of 
a form of the random secret, a share of a private key, and the ciphertext (Col. 7 lines 
10-27) {private key Z, and the random group}; transmitting at least the encrypted 
information to the second party device (Col. 6, lines 46-57); and computing the plaintext 
based at least on the share of the random secret, the share of the private key, the 
ciphertext, and the data received from the second party device (Figure 3, Col. 9 lines 
25-50). 

Applicant further argues that Cramer does not disclose or suggest "the first party 
device and the second party device additively share components of a private key" and 
"generation and exchange of proofs between the first party device and the second party 
device that serve to verify operations performed by each party" (Page 1 1 of Remarks). 

Examiner respectfully disagrees. Cramer discloses "the first party device and the 
second party device additively share components of a private key" in (Col. 7 lines 10-15, 
and Col. 9 lines 35-40); and generation and exchange of proofs between the first party 
device and the second party device that serve to verify operations performed by each 
party" in (Col. 8 line 38 to Col. 9 line 23). 

For at least the above reasons, the rejections for claims 1-16 are respectfully 
maintained. 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-2, 4-6, 8-9-10, 12-14, and 18 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Cramer et al, (US Patent No. 6,697,488) hereinafter Cramer in 
view of Faucher (US Patent No. 5,51 5,441 ) hereinafter Faucher. 

As per claims 1 and 9, Cramer discloses a method for use in a device associated 
with a first party for decrypting a ciphertext according to a Cramer-Shoup based 
encryption scheme (Col. 6 lines 10-15), the method comprising the steps of: 

obtaining the ciphertext in the first party device sent from a device associated 
with a second party (Col. 8, lines 25-35, encrypted plaintext); and 

generating in the first party device a plaintext corresponding to the ciphertext 
based on assistance from the second device, the plaintext representing a result of the 
decryption according to the Cramer-Shoup based encryption scheme (Col. 8 line 25 to 
Col. 10 line 5) { Section IV teaches a verification steps to check the received ciphertext. 
Section V teaches steps of decrypting the received and verified ciphertext with the 
assistance of the sender} (Cramer and Shoup cryptographic system invention). 
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Cramer does not disclose "wherein the assistance comprises an exchange of 
information between the first party device and the second party device separate from 
the sending of the ciphertext from the second party device to the first party device, such 
that the first party device and the second party device jointly perform a decryption 
operation of the ciphertext by each respectively performing one or more 
subcomputations of the joint decryption operation based at least in part on respective 
partial shares of a key that each party hold, but such that either can decrypt the 
ciphertext alone." 

However, Faucher explicitly discloses wherein the assistance comprises an 
exchange of information between the first party device and the second party device 
separate from the sending of the ciphertext from the second party device to the first 
party device (col. 3, lines 5-50), such that the first party device and the second party 
device jointly perform a decryption operation of the ciphertext by each respectively 
performing one or more subcomputations of the joint decryption operation based at 
least in part on respective partial shares of a key that each party hold, but such that 
either can decrypt the ciphertext alone (Figure 5, col. 8, lines 8-55). 
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Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to have incorporated Faucher's reference within Cramer to 
include wherein the assistance comprises an exchange of information between the first 
party device and the second party device separate from the sending of the ciphertext 
from the second party device to the first party device, such that the first party device and 
the second party device jointly perform a decryption operation of the ciphertext by each 
respectively performing one or more subcomputations of the joint decryption operation 
based at least in part on respective partial shares of a key that each party hold, but such 
that either can decrypt the ciphertext alone. One of ordinary skill in the art would have 
been motivated to do this because it would secure communications conducted over 
insecure channels using pubic-keys method (col. 1, lines 13-15). 

As per claims 8 and 16, Cramer discloses a method for use in a device 
associated with a first party for assisting in decrypting a ciphertext according to a 
Cramer-Shoup based encryption scheme, the method comprising the steps of: 

receiving a request generated in and transmitted by a second party device for the 
partial assistance {the partial assistance is the steps to verify the ciphertext before going 
through the decryption process in section V) of the first party device in decrypting the 
ciphertext according to the Cramer-Shoup based encryption scheme (Col. 8, line 38 - 
Col. 9, line 25); and 
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generating results in the first party device based on the partial assistance 
provided thereby for use in the second party device to complete decryption of the 
ciphertext" (Col. 8 line to Col. 10 line 5) { Section IV teaches a verification steps to 
check the received ciphertext. Section V teaches steps of decrypting the received and 
verified ciphertext with the assistance of the sender} (Cramer and Shoup are the 
inventors of this prior art) (Col. 8 line 25 to Col. 10 line 5). 

Cramer does not disclose "wherein the assistance comprises an exchange of 
information between the first party device and the second party device separate from 
the sending of the ciphertext from the second party device to the first party device, such 
that the first party device and the second party device jointly perform a decryption 
operation of the ciphertext by each respectively performing one or more 
subcomputations of the joint decryption operation based at least in part on respective 
partial shares of a key that each party hold, but such that either can decrypt the 
ciphertext alone." 

However, Faucher explicitly discloses wherein the assistance comprises an 
exchange of information between the first party device and the second party device 
separate from the sending of the ciphertext from the second party device to the first 
party device (col. 3, lines 5-50), such that the first party device and the second party 
device jointly perform a decryption operation of the ciphertext by each respectively 
performing one or more subcomputations of the joint decryption operation based at 
least in part on respective partial shares of a key that each party hold, but such that 
either can decrypt the ciphertext alone (Figure 5, col. 8, lines 8-55). 
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Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to have incorporated Faucher's reference within Cramer to 
include wherein the assistance comprises an exchange of information between the first 
party device and the second party device separate from the sending of the ciphertext 
from the second party device to the first party device, such that the first party device and 
the second party device jointly perform a decryption operation of the ciphertext by each 
respectively performing one or more subcomputations of the joint decryption operation 
based at least in part on respective partial shares of a key that each party hold, but such 
that either can decrypt the ciphertext alone. One of ordinary skill in the art would have 
been motivated to do this because it would secure communications conducted over 
insecure channels using pubic-keys method (col. 1, lines 13-15). 

As per claims 2 and 1 0, Cramer and Faucher disclose the limitations of Claims 1 
and 9. Faucher further discloses wherein the generating step further comprises an 
exchange of information between the first party device and the second party device 
whereby at least a portion of the information is encrypted using an encryption technique 
such that one party encrypts information using its own public key and another party can 
not read the information but can use the information to perform an operation" (Faucher, 
Figure 5, col. 8, lines 8-55). 

As per claims 4 and 1 2, Cramer and Faucher disclose the limitations of Claims 1 
and 9. Cramer further discloses wherein the generating step further comprises: 
generating a share of a random secret (Col. 7, lines 11-19); 
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generating information representing encryptions of a form of the random secret, a 
share of a private key, and the ciphertext (Col. 7 lines 10-27) {private key Z, and the 
random group}; 

transmitting at least the encrypted information to the second party device (Col. 6, 
lines 46-57); and 

computing the plaintext based at least on the share of the random secret, the 
share of the private key, the ciphertext, and the data received from the second party 
device (Figure 3, Col. 9 lines 25-50). 

As per claims 5 and 13, Cramer and Faucher disclose the limitations of Claims 1 
and 9. Cramer further discloses wherein the first party device and the second party 
device additively share components of a private key" in (Col. 7 lines 10-15, and Col. 9 
lines 35-40). 

As per claims 6 and 14, Cramer and Faucher disclose the limitations of Claims 1 
and 9. Cramer further discloses wherein the generating step further comprises 
generation and exchange of proofs between the first party device and the second party 
device that serve to verify operations performed by each party" in (Col. 8 line 38 to Col. 
9 line 23). 
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4. Claims 3, 7, 1 1 , and 1 5 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over Cramer and Faucher and further in view of Ronald Cramer et al, 
"Multiparty Computation from Threshold Homomorphic Encryption". 

As per claims 3 and 1 1 , Cramer and Faucher disclose the limitations of Claims 1 
and 9. Cramer and Faucher do not disclose "wherein the generating step further 
comprises an exchange of information between the first party device and the second 
party device whereby at least a portion of the information is encrypted using an 
encryption technique having a homomorphic property." 

However, Ronald Cramer discloses wherein the generating step further 
comprises an exchange of information between the first party device and the second 
party device whereby at least a portion of the information is encrypted using an 
encryption technique having a homomorphic property (page 18). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to have incorporated Ronald Cramer's reference within 
Cramer and Faucher to include the encryption technique having a homomorphic 
property. One of ordinary skill in the art would have been motivated to do this because it 
would secure communications conducted over insecure channels (col. 1, lines 13-15). 

As per claims 7 and 1 5, Cramer and Faucher disclose the limitations of Claims 1 
and 9. Cramer and Faucher do not disclose wherein the proofs are consistency proofs 
based on three-move SIGMA-protocols. 
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However, Ronald Cramer discloses wherein the proofs are consistency proofs 
based on three-move SIGMA-protocols the proofs are based on three move SIGMA. 
Protocols (page 1 3). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to have incorporated Ronald Cramer's reference within 
Cramer and Faucher to include the proofs are based on three move SIGMA, protocols. 
One of ordinary skill in the art would have been motivated to do this because it would 
secure communications conducted over insecure channels (col. 1, lines 13-15). 



Contact Information 

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Baotran N. To whose telephone number is (571)272- 
8156. The examiner can normally be reached on Monday-Friday from 8:00 to 4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on 571 -272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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